From f5727cd31283aa478f7f9396c6eb7b5aceebb869 Mon Sep 17 00:00:00 2001
From: Xiubo Li
Date: Wed, 30 Apr 2014 17:31:08 +0800
Subject: [PATCH 1/3] regmap: Fix possible ZERO_SIZE_PTR pointer dereferencing
error.
Since we cannot make sure the 'len = pair_size * num_regs' will always
be none zero from the users, and then if 'num_regs' equals to zero by
mistake or other reasons, the kzalloc() will return ZERO_SIZE_PTR, which
equals to ((void *)16).
So this patch fix this with just doing the 'len' zero check before calling
kzalloc().
Signed-off-by: Xiubo Li
Signed-off-by: Mark Brown
---
drivers/base/regmap/regmap.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
index 63e30ef096e2..9596f3048939 100644
--- a/drivers/base/regmap/regmap.c
+++ b/drivers/base/regmap/regmap.c
@@ -1615,6 +1615,9 @@ static int _regmap_raw_multi_reg_write(struct regmap *map,
size_t pair_size = reg_bytes + pad_bytes + val_bytes;
size_t len = pair_size * num_regs;
+ if (!len)
+ return -EINVAL;
+
buf = kzalloc(len, GFP_KERNEL);
if (!buf)
return -ENOMEM;
From b48d13988bee440e43a510ea8878f1f329cee189 Mon Sep 17 00:00:00 2001
From: Geert Uytterhoeven
Date: Tue, 22 Apr 2014 12:47:29 +0200
Subject: [PATCH 2/3] regmap: Add missing initialization of this_page
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
drivers/base/regmap/regmap.c: In function ‘_regmap_range_multi_paged_reg_write’:
drivers/base/regmap/regmap.c:1665: warning: ‘this_page’ may be used uninitialized in this function
Signed-off-by: Geert Uytterhoeven
Signed-off-by: Mark Brown
---
drivers/base/regmap/regmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
index 9596f3048939..35869755d464 100644
--- a/drivers/base/regmap/regmap.c
+++ b/drivers/base/regmap/regmap.c
@@ -1665,7 +1665,7 @@ static int _regmap_range_multi_paged_reg_write(struct regmap *map,
int ret;
int i, n;
struct reg_default *base;
- unsigned int this_page;
+ unsigned int this_page = 0;
/*
* the set of registers are not neccessarily in order, but
* since the order of write must be preserved this algorithm
From 2e804b7c72d4efd2318428a2c1e40fd0e173c487 Mon Sep 17 00:00:00 2001
From: Philipp Zabel
Date: Fri, 16 May 2014 16:25:34 +0200
Subject: [PATCH 3/3] regmap: mmio: Fix regmap_mmio_write for uneven counts
Commit 932580409a9dacbf42215fa737bf06ae2c0aa624
"regmap: mmio: Add support for 1/2/8 bytes wide register address."
broke regmap_mmio_write for uneven counts, for example 32-bit register
addresses with no padding and 8-byte values (count = 5).
Fix this by allowing all counts large enough to include some value.
This check was BUG_ON(count < 4) before the last change.
Signed-off-by: Philipp Zabel
Signed-off-by: Mark Brown
---
drivers/base/regmap/regmap-mmio.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/base/regmap/regmap-mmio.c b/drivers/base/regmap/regmap-mmio.c
index 1e03e7f8bacb..902c4fb5c760 100644
--- a/drivers/base/regmap/regmap-mmio.c
+++ b/drivers/base/regmap/regmap-mmio.c
@@ -61,9 +61,9 @@ static int regmap_mmio_regbits_check(size_t reg_bits)
}
}
-static inline void regmap_mmio_count_check(size_t count)
+static inline void regmap_mmio_count_check(size_t count, u32 offset)
{
- BUG_ON(count % 2 != 0);
+ BUG_ON(count <= offset);
}
static int regmap_mmio_gather_write(void *context,
@@ -120,7 +120,7 @@ static int regmap_mmio_write(void *context, const void *data, size_t count)
struct regmap_mmio_context *ctx = context;
u32 offset = ctx->reg_bytes + ctx->pad_bytes;
- regmap_mmio_count_check(count);
+ regmap_mmio_count_check(count, offset);
return regmap_mmio_gather_write(context, data, ctx->reg_bytes,
data + offset, count - offset);